
Port Security Problem

I have ProCurve edge switches and I enabled port security using the command "port-security xx learn-mode static action send-disable address-limit 1" (where xx is the port). The problem is that when I clear the intrusion flags and enable the port, the PC connected to it still can't get an IP. Can you teach me how to configure port security properly and how to enable the port again? Thanks!
8 REPLIES
Matt Hobbs
Honored Contributor

Re: Port Security Problem

Is the port disabling itself again straight away? It sounds like you may have more than 1 mac-address on that port.

If you simply just re-enable the port, it should operate as normal. It is only when you clear the intrusion flag that it is ready again to disable itself if there is a port-security violation.

Mohieddin Kharnoub
Honored Contributor

Re: Port Security Problem

Hi

Since you want to lock the port for one address, AND if you know the MAC address in advance, lockout is preferable to relying upon port-security to stop access from known devices because it can be blocked for all ports on the switch with one command.

To be more Dynamic, use Limited option with Port Security:

port-security [port list] learn-mode limited [address-limit X] [action (none | send-alarm | send-disable)]

example: port-security A1,A3-A5 learn-mode limited address-limit 4 action send-disable

Note:
If the port is disabled from an intrusion, after the port is re-enabled, the port will not disable itself after another intrusion.

So be sure to reset the intrusion flag.


Don't forget to assign points my dear.

Good Luck !!!
Science for Everyone

Re: Port Security Problem

Thanks for your help. The scenario is like this: 2 PCs are connected to a switch, PC1 connected to port 1 and PC2 connected to port 2. PC1 was removed from the switch and a new PC (PC3) was connected to port 1. Port 1 was disabled after I connected PC3 on port 1. My problem is that port 1 keeps on disabling after I enable it, and when I checked port 1 the MAC address of PC1 is still there.

Re: Port Security Problem

I enabled the port without clearing the intrusion flag, but the new PC connected to it cannot get an IP (limited connection), and when I configured it with a static IP it still cannot connect to the network.

Re: Port Security Problem

Maybe the problem is with the MAC address of the old PC connected to the port. How do I clear the old MAC address from the port again?
Mohieddin Kharnoub
Honored Contributor

Re: Port Security Problem

My dear

If you have enabled Port Security as you mentioned before, then:

- Disconnect PC3.
- Go to the switch by the Web interface or CLI.
- Enable the Port.
- Then Clear the Intrusion Log.
- If you have configured PC1's Mac address, then change it to PC3's one.
- Confirm this with: show port-security [e] . --- you should not see under Authorized Addresses, the Mac for PC1 or others.


Now you connect PC3.

If it works, then don't forget to issue Write Memory.

Good Luck !!!
Science for Everyone

Re: Port Security Problem

My problem is that the switch and PC are located in a different building and I don't know the MAC address of PC3. Is there a fast way to clear the old MAC address?
Matt Hobbs
Honored Contributor
Solution

Re: Port Security Problem

From the CLI:

Delete the address by using 'no port-security macaddress
.

For more information please refer to the port security chapter:

ftp://ftp.hp.com/pub/networking/software/Security-Oct2005-59906024-Chap09-Port_Security.pdf
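
The recovery sequence this thread arrives at, collected for port 1 of the scenario above, as an added example that is not part of any reply. `<OLD-MAC>` is a placeholder for PC1's address as listed under Authorized Addresses; the command forms are assumed from the ProCurve CLI and should be checked against the port security chapter linked above for your firmware.

```text
; Added example: replace the authorized device on a port configured with
;   port-security 1 learn-mode static action send-disable address-limit 1
; <OLD-MAC> is a placeholder, not a value from this thread.

; 1. See what the port has stored. In static mode the learned address is
;    kept in the configuration, so PC1 is still the only authorized device
;    and PC3 counts as an intruder every time the port comes up.
ProCurve# show port-security 1
ProCurve# show port-security intrusion-log

; 2. Remove the stale authorized address (copy it from the output above;
;    PC3's address does not need to be known in advance).
ProCurve# configure
ProCurve(config)# no port-security 1 mac-address <OLD-MAC>

; 3. Clear the intrusion flag so the port is armed to react to the next
;    violation, then re-enable the port that send-disable shut down.
ProCurve(config)# port-security 1 clear-intrusion-flag
ProCurve(config)# interface 1 enable

; 4. With the address-limit 1 slot free, the first source address seen on
;    the port is learned as the new authorized address. Make sure PC3 is
;    the device on the other end before this step, then verify.
ProCurve(config)# show port-security 1

; 5. Persist the change once PC3 is listed and has connectivity.
ProCurve(config)# write memory
```

Because the freed slot is taken by whichever device transmits first, confirm what is plugged into the remote port before re-enabling it, and compare the learned address against your inventory afterwards.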